Technical Security Governance Manager

DocuSign

Full-time | Posted: Oct 8, 2025

Job Description

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), we unleash business-critical data trapped in documents, connecting it to systems of record to drive efficiency and innovation. Join our pioneering security team to safeguard these mission-critical platforms. The Technical Security Governance Manager plays a pivotal role in evolving our governance model from policy-driven to technically prescriptive, blending deep governance knowledge with hands-on technical acumen. You will ensure security policies and controls for our e-signature and CLM solutions are implementable, measurable, and effective—protecting customer trust while enabling secure innovation at scale. Reporting to the Director of Security Governance as an individual contributor, you will define controls, translate policies into engineering requirements, and integrate governance into CI/CD pipelines and infrastructure, collaborating closely with engineering, compliance, and risk teams to boost control adoption, fortify our security posture, and minimize friction between intent and execution. This hybrid role (minimum 2 days/week in-office) thrives in DocuSign's innovative culture, where bold ideas and collaboration fuel breakthroughs in digital agreements. You'll leverage security frameworks like ISO 27001, SOC 2, NIST, PCI DSS, and FedRAMP to align with regulatory demands, utilize GRC tools for visibility, and drive DevSecOps practices that empower engineers without slowing velocity. If you're a proactive self-starter passionate about translating risk into actionable tech steps, join us to make the world more agreeable—and more secure. At Docusign, everything is equal. 
We're committed to trust, honesty, and equal opportunity, fostering an environment where every voice contributes to world-changing work. Feel deep pride knowing your security expertise protects billions of agreements daily.

Key Responsibilities

  • Support the development, maintenance, and refinement of enterprise-wide security policies, standards, and control objectives for DocuSign's Intelligent Agreement Management platform
  • Align policies with key frameworks (e.g., ISO 27001, SOC 2, NIST CSF, PCI DSS, FedRAMP) and regulatory requirements to protect e-signature and CLM solutions
  • Keep security policies and standards current, practical, and risk-aligned with evolving threats in digital agreement workflows
  • Define and document implementable, measurable controls incorporating both policy and technical input from engineering teams
  • Partner with engineering to embed security controls into CI/CD pipelines, infrastructure-as-code, and operational processes supporting DocuSign's global customer base
  • Support policy education and adoption programs to drive awareness and compliance across engineering, product, and compliance organizations
  • Design processes integrating policy-driven controls into DevSecOps practices and engineering ways of working
  • Collaborate with compliance and risk teams to track, monitor, and report on control effectiveness using metrics tied to security posture
  • Utilize technical tooling (e.g., GRC systems, automation dashboards) to provide real-time visibility into control implementation and e-signature platform security
  • Participate in technical assurance efforts to proactively identify implementation gaps and prevent audit findings in high-stakes environments
  • Contribute to cross-functional initiatives enhancing security innovation while reducing friction between governance and technical execution

Required Qualifications

  • 5+ years of experience in security governance, GRC, or security engineering, with at least 3 years in a technical security role
  • University degree in Computer Science, Information Systems, or related field, or equivalent work experience
  • Knowledge of security frameworks and standards (e.g., ISO 27001, SOC 2, NIST CSF, PCI DSS, FedRAMP)
  • Demonstrated experience defining and embedding security controls into engineering workflows, CI/CD pipelines, or infrastructure
  • Familiarity with security tooling, GRC platforms, and automation frameworks
  • Strong understanding of information security concepts, processes, and controls
  • Proven ability to translate policy and risk requirements into actionable technical steps for engineering teams

Preferred Qualifications

  • One or more certifications such as Security+, CISA, CISM, or CISSP
  • Experience working in cloud environments (AWS, GCP, Azure) with exposure to infrastructure-as-code practices
  • Understanding of DevSecOps, security automation, and control validation techniques
  • Experience supporting cross-functional initiatives involving engineering, compliance, and product teams
  • Proactive self-starter with demonstrated flexibility and organizational skills in fast-paced environments

Required Skills

  • Security governance and GRC expertise
  • Technical security engineering background
  • Knowledge of ISO 27001, SOC 2, NIST CSF, PCI DSS, FedRAMP
  • CI/CD pipeline integration and security control embedding
  • Infrastructure-as-code (IaC) practices
  • Cloud platforms (AWS, GCP, Azure)
  • DevSecOps and security automation
  • GRC platforms and security tooling
  • Policy translation to technical requirements
  • Cross-functional collaboration with engineering and compliance
  • Strong documentation and reporting
  • Excellent communication for technical and non-technical audiences
  • Proactive problem-solving and self-starter mindset
  • Risk assessment and control validation
  • Adaptability to emerging security threats

Benefits

  • Competitive salary and equity in a leading SaaS innovator
  • Comprehensive health, dental, and vision insurance
  • 401(k) matching and employee stock purchase plan
  • Unlimited PTO and flexible hybrid work model (minimum 2 days/week in-office)
  • Professional development stipend and certification reimbursement
  • Parental leave and family-forming benefits
  • Wellness programs including mental health support
  • Volunteer time off and community impact initiatives
  • DocuSign Cares Fund for employee hardship support

DocuSign is an Equal Opportunity Employer.

Locations

  • Cherry Hills Block Embassy Golf Links Business Park Challaghatta, Bengaluru, Karnataka, India 560071

Salary

Estimated Salary Range (medium confidence)

3,500,000 - 6,500,000 INR / yearly

Source: AI estimated

* This is an estimated range based on market data and may vary based on experience and qualifications.

